Friday, 23 June 2017

More on Android Trojan spying on Iranian users controlled via Telegram


IOCs

More samples with host URL and new Telegram Bots, details below:


Hosting

Note: None of the names reported here is being accused of anything. This is a collection of correlated info.

The samples shared by Dr.Web contain a URL that is registered with the details below. Connected info found online is also listed:
  • Name: arash raso******h, آرش رسول زاده
  • E-mails: moh*******1396@gmail.com, arashrasoulzadeh@gmail.com
  • Hosts registered or connected:
    • dlappdev.ir
    • telememberapp.ir
    • http://varnacorp.com/
  • GitHub:
    • https://github.com/arashr*******deh?utf8=%E2%9C%93&tab=repositories&q=&type=fork&language=
    • Telegram related forks


Android binaries downloaded from dlappdev.ir have similarities with binaries that contain telememberapp.ir:



- Update - July 19, 2017

More info gathered by Iranian citizens here:
http://telescam.ir/home/2017/06/30/%D8%B1%D8%A7%D8%AA%D8%B1%D8%AA-%D8%A7%D9%86%D8%AF%D8%B1%D9%88%DB%8C%D8%AF-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86%DB%8C-%D8%A8%D8%A7-%D8%B9%D9%86%D9%88%D8%A7%D9%86-%D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7-%D9%85/

Developing ..

P.S. None of the names reported here is being accused of anything. This is a collection of correlated info.

Monday, 3 April 2017

Mobile Security Research - 2017 Q1

Mobile Security Research - 2017 Quarter 1 (Jan, Feb and March)


Presentations, articles, papers, ML (machine learning) on Mobile Security for the first quarter of 2017.

Enjoy!